NetBSD Problem Report #47439

From dholland@netbsd.org  Sat Jan 12 22:24:21 2013
Return-Path: <dholland@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id EE36B63D7B3
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 12 Jan 2013 22:24:20 +0000 (UTC)
Message-Id: <20130112222420.D1B0C14A275@mail.netbsd.org>
Date: Sat, 12 Jan 2013 22:24:20 +0000 (UTC)
From: dholland@netbsd.org
Reply-To: dholland@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: open() does not check for invalid flags
X-Send-Pr-Version: 3.95

>Number:         47439
>Category:       kern
>Synopsis:       open() does not check for invalid flags
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 12 22:25:00 +0000 2013
>Last-Modified:  Sat Dec 03 12:15:00 +0000 2016
>Originator:     David A. Holland
>Release:        NetBSD 6.99.10 (20120731) also 6.99.16 (20130112)
>Organization:
>Environment:
System: NetBSD valkyrie 6.99.10 NetBSD 6.99.10 (VALKYRIE) #11: Sun Dec  9 20:42:51 EST 2012  root@valkyrie:/usr/src/sys/arch/amd64/compile/VALKYRIE amd64
Architecture: x86_64
Machine: amd64
>Description:

open() does not reject invalid flags. It ignores them, which is
reasonably harmless (especially since there aren't that many unused
bits in that flags word) but is silly/stupid.

It does not appear to be possible to set the internal kernel-only flag
bits as open_setfp() ANDs with FMASK.

>How-To-Repeat:

Code reading, plus:

#include <unistd.h>
#include <fcntl.h>
#include <err.h>

#define O_STUPID 0x30000000 /* always make sure this is really invalid */

int main() {
   int fd;

   fd = open("testfile", O_CREAT|O_TRUNC|O_WRONLY|O_STUPID, 0664);
   if (fd < 0) {
      warn("O_STUPID");
   }
   else {
      warnx("O_STUPID was accepted");
   }
   return 0;
}

>Fix:

Straightforward.

>Audit-Trail:
From: coypu@SDF.ORG
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/47439: open() does not check for invalid flags
Date: Sat, 3 Dec 2016 12:11:26 +0000

 Note there is the above:

         if (open_flags & O_SEARCH) {
                 open_flags &= ~(int)O_SEARCH;
         }

 How about something like:

 Index: vfs_syscalls.c
 ===================================================================
 RCS file: /cvsroot/src/sys/kern/vfs_syscalls.c,v
 retrieving revision 1.505
 diff -u -p -u -r1.505 vfs_syscalls.c
 --- vfs_syscalls.c	31 Jul 2016 20:34:04 -0000	1.505
 +++ vfs_syscalls.c	3 Dec 2016 12:02:21 -0000
 @@ -1562,7 +1562,7 @@ do_open(lwp_t *l, struct vnode *dvp, str
  		open_flags &= ~(int)O_SEARCH;
  	}

 -	flags = FFLAGS(open_flags);
 +	flags = FFLAGS(open_flags) & O_MASK;
  	if ((flags & (FREAD | FWRITE)) == 0)
  		return EINVAL;
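
Review bot: On the changed line, `& O_MASK` clears unknown bits rather than rejecting them, so an open() call carrying invalid flags still succeeds, which is the behaviour this PR reports. If the goal is rejection, test for bits outside the mask and return EINVAL next to the existing `(flags & (FREAD | FWRITE)) == 0` check. Separately, the mask is applied to the result of FFLAGS(), which the next line treats as FREAD/FWRITE bits; confirm that an O_-named mask is valid for the converted value, or apply it to open_flags before the conversion.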


 I've booted this.
 Also, same is done in a few other calls.
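
The difference between dropping unknown flag bits and rejecting them, shown in user space as an added example (not code from the PR or from NetBSD). `KNOWN_FLAGS`, `flags_masked()`, `flags_unknown()` and `open_strict()` are hypothetical names, and the supported set is an assumption of the example, not the kernel's O_MASK.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>

/* Same constructed invalid bit pattern as the report's test program. */
#define O_STUPID 0x30000000

/* Assumption: the flags this caller supports; not the kernel's O_MASK. */
#define KNOWN_FLAGS \
	(O_ACCMODE | O_CREAT | O_TRUNC | O_EXCL | O_APPEND | O_NONBLOCK)

/* Lenient policy: silently drop unknown bits (what a bare mask does). */
static int
flags_masked(int flags)
{
	return flags & KNOWN_FLAGS;
}

/* Bits the caller passed that are outside the supported set. */
static int
flags_unknown(int flags)
{
	return flags & ~KNOWN_FLAGS;
}

/* Strict policy: fail with EINVAL before the request reaches open(). */
static int
open_strict(const char *path, int flags, mode_t mode)
{
	if (flags_unknown(flags) != 0) {
		errno = EINVAL;
		return -1;
	}
	return open(path, flags, mode);
}

int
main(void)
{
	int flags = O_CREAT | O_TRUNC | O_WRONLY | O_STUPID;

	printf("masked:  0x%x -> 0x%x (caller never learns)\n",
	    (unsigned)flags, (unsigned)flags_masked(flags));
	if (open_strict("testfile", flags, 0664) < 0)
		perror("open_strict");
	return 0;
}
```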
